The RFID Hackers Revealed – Real RFID Hacking

Outsmart Malicious Hackers


This a very interesting read, the tale of an RFID hacker.

I was always sceptical about RFID I have to say, when everything is tagged, criminals can just drive by your house and scan everything, see what TV you have, which DVD player, how many high value electrical goods, and choose which houses they want to burgle.

The governments can install RFID readers in lamposts everywhere to track your movements from the RFID tags in the underpants you just bought..

Am I being paranoid?

James Van Bokkelen is about to be robbed. A wealthy software entrepreneur, Van Bokkelen will be the latest victim of some punk with a laptop. But this won’t be an email scam or bank account hack. A skinny 23-year-old named Jonathan Westhues plans to use a cheap, homemade USB device to swipe the office key out of Van Bokkelen’s back pocket.

“I just need to bump into James and get my hand within a few inches of him,” Westhues says. We’re shivering in the early spring air outside the offices of Sandstorm, the Internet security company Van Bokkelen runs north of Boston. As Van Bokkelen approaches from the parking lot, Westhues brushes past him. A coil of copper wire flashes briefly in Westhues’ palm, then disappears.

The guy can clone the signal, then reverse it and play it back to the card reader in your office, bingo, he just broke in without raising any alarms.

Van Bokkelen enters the building, and Westhues returns to me. “Let’s see if I’ve got his keys,” he says, meaning the signal from Van Bokkelen’s smartcard badge. The card contains an RFID sensor chip, which emits a short burst of radio waves when activated by the reader next to Sandstorm’s door. If the signal translates into an authorized ID number, the door unlocks.

The coil in Westhues’ hand is the antenna for the wallet-sized device he calls a cloner, which is currently shoved up his sleeve. The cloner can elicit, record, and mimic signals from smartcard RFID chips. Westhues takes out the device and, using a USB cable, connects it to his laptop and downloads the data from Van Bokkelen’s card for processing. Then, satisfied that he has retrieved the code, Westhues switches the cloner from Record mode to Emit. We head to the locked door.

Source: Wired

Posted in: Hardware Hacking, Wireless Hacking

, ,


Latest Posts:


BootStomp - Find Bootloader Vulnerabilities BootStomp – Find Android Bootloader Vulnerabilities
BootStomp is a Python-based tool, with Docker support that helps you find two different classes of bootloader vulnerabilities and bugs.
Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018 Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018
Google is ramping up its campaign against HTTP only sites and is going to mark ALL Non-HTTPS sites insecure in July 2018 with the release of Chrome 68.
altdns - Subdomain Recon Tool With Permutation Generation altdns – Subdomain Recon Tool With Permutation Generation
Altdns is a subdomain recon tool in Python that allows for the discovery of subdomains that conform to patterns. The tool takes in words that could be present in subdomains under a domain (such as test, dev, staging) as well as takes in a list of subdomains that you know of.
0-Day Flash Vulnerability Exploited In The Wild 0-Day Flash Vulnerability Exploited In The Wild
So another 0-Day Flash Vulnerability is being exploited in the Wild, a previously unknown flaw which has been labelled CVE-2018-4878 and it affects 28.0.0.137 and earlier versions
dorkbot - Command-Line Tool For Google Dorking dorkbot – Command-Line Tool For Google Dorking
dorkbot is a modular command-line tool for Google dorking, which is performing vulnerability scans against a set of web pages returned by Google search queries in a given Google Custom Search Engine.
USBPcap - USB Packet Capture For Windows USBPcap – USB Packet Capture For Windows
USBPcap is an open-source USB Packet Capture tool for Windows that can be used together with Wireshark in order to analyse USB traffic without using a Virtual Machine.


3 Responses to The RFID Hackers Revealed – Real RFID Hacking

  1. Howard May 19, 2006 at 6:52 am #

    Actually, I’m looking forward to a burglary-free future due to technology.

    Imagine if every high value item had a GPS locator in them. They could be battery powered, and only start broadcasting when the power was unplugged.

    And it doesn’t have to be GPS, could be done with triagulation between Wifi stations, bluetooth snarfing, cell phone towers, etc.

    Yes, the clever crooks could take precautions, but the burglars around where I live are nearly that clever…

  2. psst pssst December 12, 2007 at 9:20 pm #

    pssst, what about the security cameras

  3. Mai November 20, 2008 at 8:36 pm #

    the problem is that even when they add the tag they’re terrible at making things secure so you could probably just remove the tag or change the signal to be untraceable and technology also makes detectives more lazy so that they can’t do their job without the technology or the technical know how to keep it up